Research-containers

Revision as of 05:34, 7 September 2024 by Maintenance script (talk | contribs) (Initial)

Containers for Digital Force Protection and Collaborative Research

Overview

This guide provides a step-by-step approach to using Docker containers for achieving digital force protection, maintaining elevated privacy, and ensuring continuity of system/behavior fingerprinting while conducting research. The instructions range from setting up simple, single-instance browser containers to more complex configurations involving multiple instances, using Kasm Workspaces images. The focus is on how containers can be used to protect against digital threats and manage attribution in a collaborative research environment.

1. What Are Containers and How Do They Compare to VMs?

Containers are lightweight, standalone, and executable software packages that include everything needed to run a piece of software, including the code, runtime, libraries, and dependencies. Unlike virtual machines (VMs), containers share the host system’s kernel and resources, making them much more efficient in terms of performance and resource usage.

Benefits of Containers

Isolation: Containers provide process and network isolation, ensuring that software runs in a secure, isolated environment.

  • Real-World Example: A research team uses containers to run multiple instances of a browser for OSINT operations, ensuring that each instance is isolated and cannot interfere with or affect others, which would be a risk if all instances were running on a shared VM.

Efficiency: Containers are lightweight compared to VMs, allowing for faster startup times and reduced resource consumption.

  • Real-World Example: A development team uses containers to deploy services in production. Since containers are lightweight, they can quickly scale up or down depending on the load, reducing costs and improving performance.

Shortcomings Compared to VMs

Shared Kernel: Containers share the host system’s kernel, which might pose a security risk if the kernel is compromised.

  • Real-World Example: If a vulnerability exists in the host kernel, it could potentially be exploited to escape a container and affect other containers or the host system, which is less likely with a fully isolated VM.

Limited Hardware Emulation: Unlike VMs, containers cannot emulate hardware, which might be necessary for some applications.

  • Real-World Example: A company needing to test software on different hardware architectures (e.g., ARM vs. x86) would need to use VMs or physical hardware, as containers cannot emulate different hardware architectures.

Installing Docker

To begin using Docker, you need to install it on your system. Follow the official Docker installation guide for your operating system:

  • Install Docker

Installing Kasm Workspaces

To install Kasm Workspaces, follow the instructions provided in the Kasm Workspaces Documentation to install the Community Edition or the Enterprise Edition based on your requirements.

Finding Containers

  • Find Open Source Containers: https://hub.docker.com/
  • List of Kasm ready containers: https://hub.docker.com/u/kasmweb/

kasmweb/firefox

  1. Purpose: This is a pre-configured Firefox browser container designed for privacy and security.
  2. Use Case: Perfect for researchers who need a secure, elevated private browsing environment without worrying about tracking or leaving a digital footprint.

kasmweb/tor-browser

  1. Purpose: A containerized version of the Tor Browser, which routes your internet traffic through the Tor network for maximum elevated privacy.
  2. Use Case: Ideal for researchers who require the highest level of privacy and need to bypass censorship or access resources that are otherwise restricted.

kasmweb/brave

  1. Purpose: Brave is a privacy-focused browser with built-in ad-blocking. This container version from Kasm is optimized for secure browsing.
  2. Use Case: Great for teams who need a browser that combines ease of use with strong privacy features.

jlesage/firefox

  1. Purpose: A simple Firefox container that’s easy to set up and use. It provides isolated browsing sessions without the complexities of a full Kasm environment.
  2. Use Case: Suitable for individual users who need a straightforward way to browse the internet securely.

kalilinux/kali-rolling

  1. Purpose: A containerized version of Kali Linux, a popular distribution used for security auditing and penetration testing.
  2. Use Case: While more advanced, this container can be used by research teams needing to test security in an isolated environment.

2. Basic Setup: Running a Firefox Browser in Docker

Purpose

A simple, isolated environment for web browsing using a standard Firefox Docker image.

Steps

  1. Pull the Firefox Docker Image:

    <syntaxhighlight lang="bash">docker pull jlesage/firefox</syntaxhighlight>
  2. Run the Docker Container:

    <syntaxhighlight lang="bash">docker run -d -p 5800:5800 jlesage/firefox</syntaxhighlight>
  3. Access the Browser:

  4. Port Customization:

    • Custom Ports: If port 5800 is already in use or you need to run multiple instances, you can change the port mapping:

      <syntaxhighlight lang="bash">docker run -d -p 5900:5800 jlesage/firefox</syntaxhighlight>

      • This command maps port 5900 on your host to port 5800 in the container, allowing you to access the browser at http://localhost:5900.

Use Case

Suitable for quick, isolated web browsing sessions with minimal setup.
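
The `-p 5800:5800` and `-p 5900:5800` mappings above publish the port on every host interface, not only on localhost. The following check is an added example, not part of the original guide: it reads the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and lists every mapping reachable from beyond loopback. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list published container ports reachable from beyond loopback.
# Input: lines of NAME<TAB>PORTS, the output of
#   docker ps --format '{{.Names}}\t{{.Ports}}'

exposed_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)          # mappings are comma-separated
        for (i = 1; i <= n; i++) {
            arrow = index(maps[i], "->")
            if (arrow == 0) continue        # exposed by the image but not published
            bind = substr(maps[i], 1, arrow - 1)   # host side, e.g. 0.0.0.0:5800
            if (bind ~ /^127\./ || bind ~ /^(\[::1\]|::1):/) continue   # loopback only
            print $1, bind
        }
    }'
}

# Exit status 0 when nothing is exposed, 1 otherwise (usable as a pre-flight check).
only_loopback() {
    [ -z "$(exposed_ports)" ]
}

# Constructed sample of docker ps output; the container names are hypothetical.
sample_ps() {
    printf 'firefox-a\t0.0.0.0:5800->5800/tcp, :::5800->5800/tcp, 5900/tcp\n'
    printf 'firefox-b\t127.0.0.1:5900->5800/tcp\n'
    printf 'user1\t0.0.0.0:6901->6901/tcp\n'
}

sample_ps | exposed_ports
```

On a live host, replace `sample_ps` with the `docker ps` command from the header comment. Publishing with `-p 127.0.0.1:5800:5800` keeps a container out of the list.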

3. Intermediate Setup: Using Kasm Workspaces for Enhanced Security

Purpose

Leverage Kasm Workspaces’ containerized browser images to ensure elevated privacy and protection from tracking while conducting sensitive research.

Steps

  1. Search for and Pull the Kasm Firefox Docker Image:

    • Searching for Docker Images:

      • Use Docker Hub to find good Docker images by searching for keywords related to your needs (e.g., “browser,” “firefox,” “security”). Review the image details, including the number of pulls, star ratings, and readme documentation, to ensure it’s a well-maintained and trusted image.

      <syntaxhighlight lang="bash">docker search kasmweb</syntaxhighlight>

      • This command searches Docker Hub for images related to Kasm Workspaces.
    • Pull the Specific Firefox Image:

      <syntaxhighlight lang="bash">docker pull kasmweb/firefox:1.14.0</syntaxhighlight>
  2. Run the Firefox Container via Kasm Workspaces:

    <syntaxhighlight lang="bash">sudo docker run --rm -it --shm-size=512m -p 6901:6901 -e USER=user -e VNC_PW=password kasmweb/firefox:1.14.0</syntaxhighlight>
  3. Run the Tor Browser via Kasm Workspaces:

    <syntaxhighlight lang="bash">sudo docker run --rm -it --shm-size=512m -p 6902:6901 -e USER=user -e VNC_PW=password kasmweb/tor-browser:1.15.0-rolling</syntaxhighlight>
  4. Access the Browsers:

Use Case

Ideal for scenarios requiring enhanced security, such as OSINT operations or secure web research. Provides a managed attribution solution that prevents any lasting footprint after sessions.

Why Use Kasm Workspaces Images?

Individual Browser Images: These allow you to run specific browsers in isolation with minimal setup. This is ideal for those who need to control their environment closely.

Full Kasm Workspaces Deployment: Kasm provides a GUI for managing multiple browser sessions but requires more resources and comes with a limitation of 5 active sessions in the trial version. This option is better suited for smaller teams or users who prefer an easier, GUI-driven setup.

4. Advanced Setup: Running Multiple Browser Instances for Team Research

Purpose

Run multiple instances of browsers (e.g., Firefox) to simulate or support team-based research, each with unique usernames but consistent passwords.

Steps

MacOS and Linux Terminal

Set Up Variables for Flexible Configuration: Paste this into your terminal and adjust the variables as needed. These variables will reset with each terminal session.

TODO: Create multiple usernames. This will require creating the users within the kasm container. Possibly "useradd -m ${username}$i && echo '${username}$i:$password' | chpasswd && su - ${username}$i -c 'startkasmvnc'". Though this may be more advanced than a normal user would like to take this, or be better suited for a script, let alone using the official full Kasm instance with full user handling.

    <syntaxhighlight lang="bash">image="firefox:1.14.0"
    password="your_password_here" # default password for all users
    username="user"               # base username for users and name of container
    ct_num=6                      # number of containers of this type to start</syntaxhighlight>

  1. Create a Loop to Run Multiple Firefox Containers: This loop will create as many Docker containers of the Kasm image as you want to run.

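    <syntaxhighlight lang="bash"># C-style loop: {1..$ct_num} is not expanded by bash, where brace expansion runs before variable expansion
    for ((i = 1; i <= ct_num; i++)); do
       # Publish instance i on host port 6900+i and name the container ${username}$i
       sudo docker run --rm -d --shm-size=512m -p $((6900+i)):6901 -e VNC_PW="$password" --name="${username}$i" kasmweb/"$image"
       echo "https://localhost:$((6900+i))"
       sleep 2 # briefly pause before starting the next container
    done</syntaxhighlight>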

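Windows CMD

    <syntaxhighlight lang="bat">@echo off
    rem Delayed expansion lets the port be computed per iteration, so instances 10 and up map to 6910, 6911, ...
    setlocal enabledelayedexpansion
    set image=firefox:1.14.0
    set password=your_password_here
    set username=user
    set ct_num=6

    for /L %%i in (1,1,%ct_num%) do (
        set /a port=6900+%%i
        docker run --rm -d --shm-size=512m -p !port!:6901 -e USER=%username% -e VNC_PW=%password% --name=%username%%%i kasmweb/%image%
        echo https://localhost:!port!
        timeout /t 2
    )</syntaxhighlight>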

  3. Access the Instances:

    • Each instance is accessible via a different port:

      • https://localhost:6901 for user1
      • https://localhost:6902 for user2
      • ...
      • https://localhost:6915 for user15
    • Use the same VNC password to access all instances.

Make sure you access via HTTPS, or you will encounter an error and not see the session.

Use Case

Ideal for research teams needing to maintain continuity of fingerprinting while working collaboratively. Allows for managed attribution across multiple sessions while maintaining security and elevated privacy.
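
A variant of the multi-instance launch above, added here as an example and not part of the original guide: it prints one `docker run` command per instance, binds each published port to a single address instead of all interfaces, and reads `VNC_PW` from an env file so the password stays out of the command line. `BIND_ADDR`, `BASE_PORT`, the `./kasm.env` path and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: print (not run) one docker run command per Kasm instance.
BIND_ADDR="${BIND_ADDR:-127.0.0.1}"  # assumption: loopback; a Tailscale IP for remote teammates
BASE_PORT="${BASE_PORT:-6900}"       # instance i is published on BASE_PORT + i, as in the guide

# write_envfile PATH PASSWORD: keep VNC_PW out of argv and shell history.
write_envfile() {
    # Recreate the file under a restrictive umask so it ends up mode 0600.
    ( umask 077 && rm -f -- "$1" && printf 'VNC_PW=%s\n' "$2" > "$1" )
}

# kasm_cmd INDEX IMAGE ENVFILE: print the command for one instance.
kasm_cmd() {
    idx=$1; image=$2; envfile=$3
    case "$idx" in
        ''|*[!0-9]*) echo "instance index must be a number: $idx" >&2; return 2 ;;
    esac
    port=$((BASE_PORT + idx))
    if [ "$port" -gt 65535 ]; then
        echo "port $port is out of range" >&2; return 2
    fi
    printf 'docker run --rm -d --shm-size=512m -p %s:%s:6901 --env-file %s --name user%s kasmweb/%s\n' \
        "$BIND_ADDR" "$port" "$envfile" "$idx" "$image"
}

# plan COUNT IMAGE ENVFILE: commands for instances 1..COUNT; stops at the first bad one.
plan() {
    n=1
    while [ "$n" -le "$1" ]; do
        kasm_cmd "$n" "$2" "$3" || return 2
        n=$((n + 1))
    done
}

plan 3 firefox:1.14.0 ./kasm.env
```

Review the printed commands, then pipe the output of `plan` to `sh` to start the containers. The password remains readable through `docker inspect` by anyone with access to the Docker daemon.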

5. Advanced Considerations: Network Configuration for Consistent IP Attribution and Secure Remote Access

Purpose

For teams or individuals needing to maintain consistent IP attribution or requiring secure remote access to resources, various network configuration options can be employed. These include using a VPN for consistent IP attribution, Tailscale for secure device connectivity, and Cloudflare Tunnel for accessing services via a domain.

Options

1. Using a VPN for Consistent IP Attribution

Purpose: To ensure that all Docker containers appear as though they are originating from the same IP address, which can be crucial for maintaining a consistent digital fingerprint across multiple sessions.

Steps:

  1. Install and Configure a VPN on the Host:

    • Choose and install a VPN client on your host machine.
    • Connect to the VPN before starting any Docker containers.
  2. Run Docker Containers After Connecting to the VPN:

    • Start your Docker containers as usual after the VPN is active. This ensures that all container traffic routes through the VPN, providing a unified IP address for all operations.

Use Case: Useful for teams conducting coordinated research that needs to appear as originating from a single entity, thereby maintaining consistent attribution.

2. Using Tailscale for Secure Connectivity Across Devices

Purpose: Tailscale allows you to create a secure, encrypted network between your devices, enabling them to communicate with each other as if they were on the same local network, regardless of their physical location.

Steps:

  1. Install Tailscale on Your Devices:

    • Download and install Tailscale on your host machine and any remote devices you want to connect.
  2. Authenticate and Join the Network:

    • Log in with your Tailscale account and join your devices to the same Tailscale network.
  3. Access Docker Containers Remotely:

    • Use Tailscale IP addresses to securely access your Docker containers from any device on the Tailscale network.

Use Case: Ideal for researchers or teams needing secure remote access to Docker containers and other services hosted on the same network, without the complexity of traditional VPNs.

3. Using Cloudflare Tunnel for Secure Domain Access

Purpose: Cloudflare Tunnel (formerly Argo Tunnel) allows you to securely expose your Docker containers to the internet via a custom domain without needing to open ports on your host machine.

Steps:

  1. Visit Cloudflare Tunnel Website:

    • For detailed instructions on setting up Cloudflare Tunnel, visit the Cloudflare Tunnel website and select tunnels on the left-hand menu. (You will need a Cloudflare account and domain name to proceed with this method.)
  2. Install Cloudflared:

    • Follow the instructions provided by Cloudflare to install the Cloudflared daemon on your host machine.
  3. Authenticate with Cloudflare:

    • Log in to your Cloudflare account and authenticate the tunnel as instructed.
  4. Create and Configure a Tunnel:

    • Set up a Cloudflare Tunnel to forward traffic from your domain to your Docker containers as guided by Cloudflare.
  5. Access Your Docker Containers via Domain:

    • Once configured, your Docker containers will be accessible securely via your custom domain, managed through Cloudflare.

Use Case: Perfect for teams or individuals who need to access Docker containers securely over the internet without exposing their IP address, or for those needing to provide remote access to services through a domain.

Further Resources

  • Kasm Technologies Documentation: Kasm Workspaces Documentation
  • Community Edition: Kasm Community Edition
  • Docker Hub Search: Docker Hub